diff options
61 files changed, 266 insertions, 52 deletions
diff --git a/apps/apps.c b/apps/apps.c index 248c65a..613c3ba 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -125,7 +125,9 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif #include <openssl/bn.h> #define NON_MAIN @@ -57,6 +57,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> diff --git a/apps/dhparam.c b/apps/dhparam.c index e3cabcf..04bd57c 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -109,6 +109,7 @@ * */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DH #include <stdio.h> #include <stdlib.h> @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include <stdio.h> #include <stdlib.h> diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 14e79f9..c301e81 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED diff --git a/apps/gendh.c b/apps/gendh.c index 69baa50..4749786 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -57,6 +57,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED diff --git a/apps/gendsa.c b/apps/gendsa.c index 6d2ed06..828e27f 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA #include <stdio.h> #include <string.h> diff --git a/apps/genrsa.c b/apps/genrsa.c index f0bb30c..4f62cfd 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED diff --git a/apps/prime.c b/apps/prime.c index 36bbe08..af2fed1 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -115,7 +115,7 @@ int MAIN(int argc, char **argv) BN_print(bio_out,bn); BIO_printf(bio_out," is %sprime\n", - BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not "); + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); BN_free(bn); BIO_free_all(bio_out); @@ -79,6 +79,13 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif #define SECTION "req" @@ -724,7 +731,9 @@ bad: if (newreq && (pkey == NULL)) { +#ifndef OPENSSL_NO_RSA BN_GENCB cb; +#endif char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> #ifndef OPENSSL_NO_RSA #include <stdio.h> #include <stdlib.h> diff --git a/apps/rsautl.c b/apps/rsautl.c index a629ff5..4638909 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -56,6 +56,7 @@ * */ +#include <openssl/opensslconf.h> #ifndef OPENSSL_NO_RSA #include "apps.h" diff --git a/apps/s_server.c b/apps/s_server.c index afc27e1..f83dd82 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -153,6 +153,12 @@ typedef unsigned int u_int; #include <openssl/x509.h> #include <openssl/ssl.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif #include "s_apps.h" #include "timeouts.h" @@ -530,7 +536,9 @@ int MAIN(int argc, char *argv[]) char *CApath=NULL,*CAfile=NULL; unsigned char *context = NULL; char *dhfile = NULL; +#ifndef OPENSSL_NO_ECDH char *named_curve = NULL; +#endif int badop=0,bugs=0; int ret=1; int off=0; diff --git a/apps/speed.c b/apps/speed.c index 8f2aac5..474f20c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -286,9 +286,17 @@ static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; static double dsa_results[DSA_NUM][2]; +#ifndef OPENSSL_NO_ECDSA static double ecdsa_results[EC_NUM][2]; +#endif +#ifndef OPENSSL_NO_ECDH static double ecdh_results[EC_NUM][1]; +#endif +#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static int rnd_fake = 0; +#endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) @@ -448,6 +456,7 @@ static double Time_F(int s) #endif /* if defined(OPENSSL_SYS_NETWARE) */ +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -459,8 +468,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int MAIN(int, char **); @@ -695,8 +705,12 @@ int MAIN(int argc, char **argv) int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; +#ifndef OPENSSL_NO_ECDSA int ecdsa_doit[EC_NUM]; +#endif +#ifndef OPENSSL_NO_ECDH int ecdh_doit[EC_NUM]; +#endif int doit[ALGOR_NUM]; int pr_header=0; const EVP_CIPHER *evp_cipher=NULL; diff --git a/apps/x509.c b/apps/x509.c index 393d0d1..5f61eb5 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -73,8 +73,12 @@ #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #undef PROG #define PROG x509_main diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 7dd4ae3..939979f 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -81,8 +81,10 @@ static int print(BIO *fp,const char *str, const BIGNUM *num, unsigned char *buf,int off); +#ifndef OPENSSL_NO_EC static int print_bin(BIO *fp, const char *str, const unsigned char *num, size_t len, int off); +#endif #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *x, int off) @@ -601,6 +603,7 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char * return(1); } +#ifndef OPENSSL_NO_EC static int print_bin(BIO *fp, const char *name, const unsigned char *buf, size_t len, int off) { @@ -638,6 +641,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, return 1; } +#endif #ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_FP_API diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 204ca10..c779a9b 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -63,8 +63,12 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #ifndef OPENSSL_NO_FP_API int X509_REQ_print_fp(FILE *fp, X509_REQ *x) diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 23ab3b9..c2a5797 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -60,8 +60,12 @@ #include "cryptlib.h" #include <openssl/x509.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #include <openssl/bn.h> /* Print out an SPKI */ diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 50faa4a..91c2756 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -60,8 +60,12 @@ #include "cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 3a78082..b982579 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -66,7 +66,9 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 66ff417..912317b 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,6 +74,7 @@ #include <openssl/rand.h> #include <openssl/bio.h> #include <openssl/err.h> +#include <openssl/bn.h> #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index c0414b9..01baa5f 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -73,10 +73,10 @@ #include "../e_os.h" +#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */ #include <openssl/crypto.h> #include <openssl/bio.h> #include <openssl/bn.h> -#include <openssl/ec.h> #include <openssl/objects.h> #include <openssl/rand.h> #include <openssl/sha.h> @@ -89,6 +89,7 @@ int main(int argc, char *argv[]) return(0); } #else +#include <openssl/ec.h> #include <openssl/ecdh.h> #ifdef OPENSSL_SYS_WIN16 diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index a481575..f7fba3b 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -69,12 +69,6 @@ * */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -92,6 +86,7 @@ int main(int argc, char * argv[]) #include <openssl/crypto.h> #include <openssl/bio.h> #include <openssl/evp.h> +#include <openssl/bn.h> #include <openssl/ecdsa.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 7684406..13f211a 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -185,7 +185,8 @@ eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_padlock.o: ../../include/openssl/opensslconf.h eng_padlock.o: ../../include/openssl/opensslv.h diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index dd16d3b..5341daa 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -70,9 +70,15 @@ #include <openssl/pem.h> #include <openssl/evp.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c index cc9f9dc..4e1eae3 100644 --- a/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c @@ -75,6 +75,7 @@ #include <openssl/aes.h> #endif #include <openssl/rand.h> +#include <openssl/err.h> #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_PADLOCK diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 4ce8f4c..c94fb28 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -100,23 +100,6 @@ extern "C" { #endif -/* Fixups for missing algorithms */ -#ifdef OPENSSL_NO_RSA -typedef void RSA_METHOD; -#endif -#ifdef OPENSSL_NO_DSA -typedef void DSA_METHOD; -#endif -#ifdef OPENSSL_NO_DH -typedef void DH_METHOD; -#endif -#ifdef OPENSSL_NO_ECDH -typedef void ECDH_METHOD; -#endif -#ifdef OPENSSL_NO_ECDSA -typedef void ECDSA_METHOD; -#endif - /* These flags are used to control combinations of algorithm (methods) * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index b71555e..0147f3e 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -61,8 +61,12 @@ #include "cryptlib.h" #include <openssl/x509.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_DSA diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index 020f19c..a948c77 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -61,9 +61,12 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index a20056f..c12e139 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -64,7 +64,9 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 1eae4ed..5ce849f 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -65,7 +65,9 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md2.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 0fb84b6..1e0b7c5 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -65,7 +65,9 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md4.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 21288ee..63c1421 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -65,7 +65,9 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md5.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 087ad2d..a1d60ee 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -65,7 +65,9 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index e995c12..acccc8f 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -64,7 +64,9 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index daf6db6..4679b1c 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -64,7 +64,9 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 04b57e8..22155ec 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -64,9 +64,15 @@ #include <openssl/evp.h> #include <openssl/asn1_mac.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif static void EVP_PKEY_free_it(EVP_PKEY *x); diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index a9ac52d..66cbc7e 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -117,9 +117,15 @@ #include <openssl/x509.h> #include <openssl/pkcs7.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #ifndef OPENSSL_NO_RSA static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 489e71a..1644dfc 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -63,8 +63,12 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #ifndef OPENSSL_NO_FP_API STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index 0458093..4e554e5 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_RSA #include <stdio.h> #include "cryptlib.h" diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 84ec5d5..9039caa 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -64,8 +64,12 @@ #include <openssl/asn1.h> #include <openssl/evp.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif int X509_verify(X509 *a, EVP_PKEY *r) { diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c index 7d850a8..0f1dae7 100644 --- a/engines/e_4758cca.c +++ b/engines/e_4758cca.c @@ -61,7 +61,9 @@ #include <openssl/objects.h> #include <openssl/engine.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -109,8 +111,10 @@ static int getModulusAndExponent(const unsigned char *token, long *exponentLengt static int cca_get_random_bytes(unsigned char*, int ); static int cca_random_status(void); +#ifndef OPENSSL_NO_RSA static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,long argl, void *argp); +#endif /* Function pointers for CCA verbs */ /*---------------------------------*/ @@ -154,7 +158,9 @@ static const char* n_pkaDecrypt = CSNDPKD; #endif static const char* n_randomNumberGenerate = CSNBRNG; +#ifndef OPENSSL_NO_RSA static int hndidx = -1; +#endif static DSO *dso = NULL; /* openssl engine initialization structures */ @@ -221,8 +227,10 @@ static int bind_helper(ENGINE *e) !ENGINE_set_init_function(e, ibm_4758_cca_init) || !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || +#ifndef OPENSSL_NO_RSA !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || +#endif !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) return 0; /* Ensure the error handling is set up */ @@ -304,8 +312,10 @@ static int ibm_4758_cca_init(ENGINE *e) } #endif +#ifndef OPENSSL_NO_RSA hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", NULL, NULL, cca_ex_free); +#endif return 1; err: @@ -313,13 +323,15 @@ err: DSO_free(dso); dso = NULL; +#ifndef OPENSSL_NO_RSA keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; publicKeyExtract = (F_PUBLICKEYEXTRACT)0; pkaEncrypt = (F_PKAENCRYPT)0; pkaDecrypt = (F_PKADECRYPT)0; +#endif + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; return 0; } @@ -339,6 +351,7 @@ static int ibm_4758_cca_finish(ENGINE *e) return 0; } dso = NULL; +#ifndef OPENSSL_NO_RSA keyRecordRead = (F_KEYRECORDREAD)0; randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; @@ -346,6 +359,8 @@ static int ibm_4758_cca_finish(ENGINE *e) publicKeyExtract = (F_PUBLICKEYEXTRACT)0; pkaEncrypt = (F_PKAENCRYPT)0; pkaDecrypt = (F_PKADECRYPT)0; +#endif + randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; return 1; } @@ -951,12 +966,14 @@ static int cca_get_random_bytes(unsigned char* buf, int num) return 1; } +#ifndef OPENSSL_NO_RSA static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { if (item) OPENSSL_free(item); } +#endif /* Goo to handle building as a dynamic engine */ #ifndef OPENSSL_NO_DYNAMIC_ENGINE diff --git a/engines/e_aep.c b/engines/e_aep.c index c175a18..7307ddf 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -69,9 +69,15 @@ typedef int pid_t; #include <openssl/dso.h> #include <openssl/engine.h> #include <openssl/buffer.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -98,12 +104,14 @@ static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection); static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use); /* BIGNUM stuff */ +#ifndef OPENSSL_NO_RSA static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); +#endif /* RSA stuff */ #ifndef OPENSSL_NO_RSA @@ -111,8 +119,10 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ +#ifndef OPENSSL_NO_RSA static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* DSA stuff */ #ifndef OPENSSL_NO_DSA @@ -630,6 +640,7 @@ static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return to_return; } +#ifndef OPENSSL_NO_RSA static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx) @@ -666,6 +677,7 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, err: return rv; } +#endif #ifdef AEPRAND @@ -821,12 +833,14 @@ static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return aep_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 8e11048..fabaa86 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -62,9 +62,15 @@ #include <openssl/buffer.h> #include <openssl/dso.h> #include <openssl/engine.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -91,10 +97,10 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DSA /* DSA stuff */ @@ -563,12 +569,14 @@ static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return atalla_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ diff --git a/engines/e_chil.c b/engines/e_chil.c index 4c22bc9..3d75681 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -65,8 +65,12 @@ #include <openssl/engine.h> #include <openssl/ui.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -108,9 +112,11 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* RSA stuff */ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DH /* DH stuff */ @@ -129,8 +135,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); +#ifndef OPENSSL_NO_RSA static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int ind,long argl, void *argp); +#endif /* Interaction stuff */ static int hwcrhk_insert_card(const char *prompt_info, @@ -762,8 +770,8 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, #if !defined(OPENSSL_NO_RSA) char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; -#endif HWCryptoHook_PassphraseContext ppctx; +#endif #if !defined(OPENSSL_NO_RSA) rmsg.buf = tempbuf; @@ -1071,12 +1079,14 @@ err: } #endif +#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ @@ -1135,7 +1145,7 @@ static int hwcrhk_rand_status(void) } /* This cleans up an RSA KM key, called when ex_data is freed */ - +#ifndef OPENSSL_NO_RSA static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) { @@ -1160,6 +1170,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, } #endif } +#endif /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model * these just wrap the POSIX functions and add some logging. diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 56a1967..2017e48 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -62,9 +62,15 @@ #include <openssl/buffer.h> #include <openssl/dso.h> #include <openssl/engine.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/rand.h> #include <openssl/bn.h> @@ -98,22 +104,26 @@ static int cswift_destroy(ENGINE *e); static int cswift_init(ENGINE *e); static int cswift_finish(ENGINE *e); static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +#ifndef OPENSSL_NO_RSA static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in); +#endif /* BIGNUM stuff */ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); +#ifndef OPENSSL_NO_RSA static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx); +#endif #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif #ifndef OPENSSL_NO_DSA /* DSA stuff */ @@ -570,6 +580,7 @@ err: } +#ifndef OPENSSL_NO_RSA int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in) { int mod; @@ -591,7 +602,9 @@ int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in) return 1; } +#endif +#ifndef OPENSSL_NO_RSA /* Un petit mod_exp chinois */ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1, @@ -723,6 +736,7 @@ err: release_context(hac); return to_return; } +#endif #ifndef OPENSSL_NO_RSA static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) @@ -760,7 +774,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx err: return to_return; } -#endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -788,6 +801,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return cswift_mod_exp(r, a, p, m, ctx); } +#endif /* OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_DSA static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) diff --git a/engines/e_nuron.c b/engines/e_nuron.c index f6875d1..4c2537c 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -62,9 +62,15 @@ #include <openssl/buffer.h> #include <openssl/dso.h> #include <openssl/engine.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -242,11 +248,13 @@ static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ +#ifndef OPENSSL_NO_RSA static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return nuron_mod_exp(r, a, p, m, ctx); } +#endif #ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 66ffaf2..424b82f 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -57,9 +57,15 @@ #include <openssl/dso.h> #include <openssl/engine.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW @@ -82,10 +88,12 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); /* RSA stuff */ +#ifndef OPENSSL_NO_RSA static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding); static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding); +#endif /* RAND stuff */ static int surewarehk_rand_bytes(unsigned char *buf, int num); diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index f0e4f73..8b6c98b 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -64,9 +64,15 @@ #include <openssl/buffer.h> #include <openssl/dso.h> #include <openssl/engine.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_HW diff --git a/ssl/Makefile b/ssl/Makefile index 49b7ca4..f4a34a5 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -142,8 +142,9 @@ d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h -d1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h +d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h +d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h @@ -239,8 +240,9 @@ d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c d1_pkt.o: ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -d1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -d1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h +d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index bcf5ebb..c0247fa 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -120,6 +120,10 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif static SSL_METHOD *dtls1_get_client_method(int ver); static int dtls1_get_hello_verify(SSL *s); diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 6d07dd4..2d41b38 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -121,6 +121,10 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/md5.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif static SSL_METHOD *dtls1_get_server_method(int ver); static int dtls1_send_hello_verify_request(SSL *s); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d4f7cec..4f67cda 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -130,7 +130,9 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> static SSL_METHOD *ssl3_get_client_method(int ver); @@ -1608,6 +1610,7 @@ int ssl3_get_server_done(SSL *s) } +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -1619,8 +1622,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int ssl3_send_client_key_exchange(SSL *s) { @@ -2132,7 +2136,7 @@ int ssl3_send_client_verify(SSL *s) unsigned u=0; #endif unsigned long n; -#ifndef OPENSSL_NO_DSA +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) int j; #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3f2c004..d9d6ddb 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -127,7 +127,9 @@ #include "ssl_locl.h" #include "kssl_lcl.h" #include <openssl/md5.h> +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 4b1931a..cd10334 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -133,7 +133,9 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #ifndef OPENSSL_NO_KRB5 #include <openssl/krb5_asn.h> @@ -1642,6 +1644,7 @@ err: } +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { @@ -1653,8 +1656,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) return SHA1(in, inlen, out); #else return NULL; -#endif +#endif /* OPENSSL_NO_SHA */ } +#endif /* OPENSSL_NO_ECDH */ int ssl3_get_client_key_exchange(SSL *s) { diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 0c9bd07..997528e 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -121,7 +121,9 @@ #include <openssl/bio.h> #include <openssl/pem.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #include "ssl_locl.h" diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 383ba33..f8c8e1d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,7 +125,9 @@ #include <openssl/objects.h> #include <openssl/lhash.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -1551,7 +1553,10 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_tmp_export,dh_tmp_export,kl; unsigned long mask,emask; - int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size; + int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; +#ifndef OPENSSL_NO_ECDH + int have_ecdh_tmp; +#endif X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8cbe26c..f61b1cd 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -127,8 +127,12 @@ #include <openssl/comp.h> #include <openssl/bio.h> #include <openssl/stack.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif #include <openssl/err.h> #include <openssl/ssl.h> #include <openssl/symhacks.h> diff --git a/ssl/ssltest.c b/ssl/ssltest.c index ef09a69..6949f96 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -143,9 +143,15 @@ #endif #include <openssl/err.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> +#endif #include <openssl/bn.h> #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly @@ -390,7 +396,9 @@ int main(int argc, char *argv[]) char *server_key=NULL; char *client_cert=TEST_CLIENT_CERT; char *client_key=NULL; +#ifndef OPENSSL_NO_ECDH char *named_curve = NULL; +#endif SSL_CTX *s_ctx=NULL; SSL_CTX *c_ctx=NULL; SSL_METHOD *meth=NULL; diff --git a/test/Makefile b/test/Makefile index 09f3787..756f59d 100644 --- a/test/Makefile +++ b/test/Makefile @@ -471,21 +471,16 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h -ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c +ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecdsatest.o: ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h @@ -8,7 +8,7 @@ else t=testreq.pem fi -if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then +if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then echo "skipping req conversion test for $t" exit 0 fi |